Debian Patches

Status for axis/1.4-28+deb12u1

Patch Description Author Forwarded Bugs Origin Last update
01-libaxis-java-build.patch build.xml: Don't copy jars during build <vladimir.lapacek@gmail.com> not-needed 2010-03-20
02-gcj-4.4.patch Fix FTBFS with GCJ-4.4: "Cannot override the final method from ResourceBundle"
Disable function clearCache() which is not used anyway.
Torsten Werner <twerner@debian.org> no debian 2010-03-20
axis-bz152255.patch Fix build with Java 1.5 some Fedora packagers no 2010-03-20
javadoc.diff Ensure Javadoc call get correct source version (1.3) Damien Raude-Morvan <drazzib@debian.org> no 2010-03-25
CVE-2014-3596.patch CVE-2014-3596
The getCN function in Apache Axis 1.4 and earlier does not properly
verify that the server hostname matches a domain name in the subject's
Common Name (CN) or subjectAltName field of the X.509 certificate,
which allows man-in-the-middle attackers to spoof SSL servers via a
certificate with a subject that specifies a common name in a field
that is not the CN field. NOTE: this issue exists because of an
incomplete fix for CVE-2012-5784.
David Jorm and Arun Neelicattu (Red Hat Product Security) no upstream 2014-09-25
ant-compatibility.patch Fixes the compatibility with Ant 1.9.8 or later (see https://bz.apache.org/bugzilla/show_bug.cgi?id=59402) Emmanuel Bourg <ebourg@apache.org> no
javadoc-encoding.patch javadoc encoding Markus Koschany <apo@debian.org> no 2018-03-20
java9-compatibility.patch Fixes the compatibility with Java 9 Emmanuel Bourg <ebourg@apache.org> no
java11-compatibility.patch Fixes the build failure with Java 11 Emmanuel Bourg <ebourg@apache.org> no
CVE-2018-8032.patch Correctly escape namespace URIs in namespace declarations (CVE-2018-8032) no backport, https://svn.apache.org/r1831943
CVE-2023-40743.patch CVE-2023-40743 Markus Koschany <apo@debian.org> no https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210 2023-10-17

All known versions for source package 'axis'

Links